Yield-generating stablecoin project Origin Dollar exploited for $7M

Published at: Nov. 17, 2020

Origin Dollar (OUSD), the yield-generating stable token launched by Origin Protocol in late September, has been hacked to the tune of $7 million.

On Nov. 17, Origin Protocol founder Matthew Liu announced the stablecoin had been hacked, noting that $1 million of the $7 million in lost funds, which included Dai and Ether (ETH), had been deposited by Origin’s founders, employees and the company itself.

The team currently does not know the exact nature of how the exploit was carried out, however they noted a flash-loan transaction that appears to be “the root of the attack.” The transaction cost nearly 0.54 Ether to complete.

“The team is all-hands on deck attempting to figure out what vulnerability was exploited and how the hacker was able to access users’ deposits. Expect an updated post within an hour.”

In response to the attack, deposits to the OUSD vault have been disabled, and traders have been advised not to purchase the token:

”Please do not buy OUSD on Uniswap or Sushiswap as the current prices do not reflect OUSD’s underlying assets. This is a quickly moving process, and our entire team has been mobilized to tackle the crisis.”

Leu added that the team has no intention of “going away,” emphasizing that the events do not comprise “a rug pull or internal scam.”

According to CoinGecko, OUSD is currently trading for less than $0.10 on Uniswap.

According to crypto venture firm Hex Capital’s Nick Chong, the hacker is currently washing the stolen funds using Bitcoin tokenization protocol RenBTC.

Chong also noted Origin’s breach is the fifth major flash-loan attack to hit DeFi in the past three weeks, following attacks targeting Harvest, Akropolis, Value and CheeseBank.

Tags
Related Posts
THORChain loses up to $7.6M in ‘Chaosnet’ exploit, offers hacker a bounty to return funds
Popular cross-chain decentralized exchange THORChain has suffered a multi-million-dollar breach. Estimates as to the scale of the damage vary, with THORChain revising the initial estimate that 13,000 Ether (ETH) (worth $25.1 million) had been stolen, bringing the total down to 4,000 ETH (roughly $7.6 million) as a ballpark for damages. A subsequent community-provided rundown of stolen assets suggests the figure is closer to $6 million. At this stage the estimate is around ~4000 ETH worth of assets (ETH/ERC20) was taken, not 13k ETH. More detailed assessment and recovery steps will be announced soon. The users who suffered (LPs) will be …
Altcoin / July 16, 2021
Yearn.Finance puts expanded treasury to use by repaying victims of $11M hack
Major decentralized finance protocol Yearn.Finance (YFI) has restored its yDAI vault in the aftermath of a $11 million exploit by hackers. Yearn announced Tuesday that they opened a Maker vault with YFI tokens from the treasury and minted 9.7 million DAI tokens from the vault to keep the yDAI vault intact. Using borrowed money allows the project to reimburse users without taking a hit to the treasury, either due to possible YFI appreciation or by gradually repaying the debt with protocol revenue. The team said that this is a one-off occurrence, as they expect users to hedge their own risks …
Technology / Feb. 9, 2021
Jump Crypto replenishes funds from $320M Wormhole hack in largest-ever DeFi 'bailout'
On Thursday, Jump Crypto, a crypto venture capital firm that owns Certus One, the developer of the Wormhole token bridge, announced it had deposited 120 thousand Ether (ETH) into a Solana-Ethereum bridge that suffered a devastating exploit. The day prior, hackers fraudulently minted 120 thousand wrapped Ether (wETH) worth $321 million on the Solana (SOL) platform, then redeemed 93,750 wETH for ETH on the Ethereum network while swapping the rest for other altcoins on the Solana network. The cross-chain ETH-wETH is supposed to have an exchange ratio of 1:1 against one another. Therefore, unauthorized minting of wETH leads to significant …
Technology / Feb. 3, 2022
Another depeg — Acala trace report reveals 3B aUSD erroneously minted
High-profile security incidents continue to be a theme in 2022 as the Acala Network joined a long list of stricken platforms to fall prey to exploits. Acala’s aUSD token, which acts as the native stablecoin for the Polkadot and Kusama blockchains, saw its value plummet 99% after a misconfiguration of the iBTC/aUSD liquidity pool was exploited after its launch on Aug. 14. Initial estimates from Acala noted that 1.2 billion aUSD were minted without the necessary collateral - seeing the token’s value depeg from its 1:1 USD ratio to a bottom of $.01. Acala put its network in maintenance mode …
Blockchain / Aug. 17, 2022
Lodestar Finance exploited in flash loan attack
Arbitrum-based lending protocol Lodestar Finance was exploited in a flash loan attack on Dec. 10. According to Lodestar, the attacker manipulated the price of the plvGLP token before borrowing all platform liquidity using the inflated token. In a Twitter thread, Lodestar explained the attack flow. The attacker first manipulated the exchange rate of the plvGLP contract to 1.83 GLP per plvGLP, "an exploit that by itself would be unprofitable", said the company. Then, the attacker supplied plvGLP collateral to Lodestar and borrowed all available liquidity, cashing out part of the funds "until the collateralization ratio mechanism prevented a full liquidation …
Altcoin / Dec. 11, 2022